﻿using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace parkour
{
   public partial class _Default : System.Web.UI.Page
   {
      string tm_EmptyString = "</br>";

      protected void Page_Load(object sender, EventArgs e)
      {
         ErrorMessage.Text = tm_EmptyString;
         UserName.Focus();
      }

      protected void LoginButtonClick(object sender, EventArgs e)
      {
         // Open DB connection
         SqlConnection PK_DB = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["SEI_PKConnString"].ConnectionString);
         PK_DB.Open();

         SqlCommand GetUser = new SqlCommand("check_user_login", PK_DB);
         GetUser.CommandType = CommandType.StoredProcedure;
         GetUser.Parameters.AddWithValue("@user_ID", UserName.Text);
         GetUser.Parameters.AddWithValue("@password", Password.Text);

         SqlDataReader user_reader = GetUser.ExecuteReader();

         if (user_reader.HasRows)
         {
            while (user_reader.Read())
            {
               Master.user_ID = user_reader["user_ID"].ToString();
            }
         }
         else
         {
            ErrorMessage.Text = "You fail. Try again";
         }

         user_reader.Close();
         user_reader.Dispose();
         GetUser.Dispose();

         if (ErrorMessage.Text == tm_EmptyString)
         {
            // Update the user first and last name variables for Site.Master
            SqlCommand GetUserName = new SqlCommand("get_user_name", PK_DB);
            GetUserName.CommandType = CommandType.StoredProcedure;
            GetUserName.Parameters.AddWithValue("@user_ID", Master.user_ID);

            SqlDataReader user_name_reader = GetUserName.ExecuteReader();

            if (user_name_reader.HasRows)
            {
               while (user_name_reader.Read())
               {
                  Master.user_first_name = user_name_reader["f_name"].ToString();
                  Master.user_last_name = user_name_reader["l_name"].ToString();
               }
            }

            user_name_reader.Close();
            user_name_reader.Dispose();
            GetUserName.Dispose();

            // Get user permissions and redirect
            SqlCommand GetPermissions = new SqlCommand("get_permission", PK_DB);
            GetPermissions.CommandType = CommandType.StoredProcedure;
            GetPermissions.Parameters.AddWithValue("@user_ID", Master.user_ID);

            SqlDataReader user_permission = GetPermissions.ExecuteReader();

            if (user_permission.HasRows)
            {
               while (user_permission.Read())
               {
                  Master.permission_level = (int)user_permission["p_ID"];
               }
            }

            user_permission.Close();
            user_permission.Dispose();
            GetPermissions.Dispose();

            // Close DB connection
            PK_DB.Close();
            PK_DB.Dispose();

            Master.logout_visibility = true;
            Response.Redirect("~/Web pages/Public Pages/PickSpot.aspx");
            if (Master.permission_level == 1)
            {
               Response.Redirect("~/Web pages/Admin Pages/AdminIndex.aspx");
            }
            else if (Master.permission_level == 2)
            {
               Response.Redirect("~/Web pages/Security Pages/SecurityIndex.aspx");
            }
            else if (Master.permission_level == 3)
            {
               Response.Redirect("~/Web pages/User Pages/UserIndex.aspx");
            }
            else
            {
               //error
            }
         }
      }
   }
}
